Category Started On Completed On Duration Cuckoo Version
FILE 2014-07-17 15:56:04 2014-07-17 15:59:34 210 seconds 1.2-dev
Machine Label Manager Started On Shutdown On
machine3 winxpmacine3 VirtualBox 2014-07-17 15:56:05 2014-07-17 15:59:33

File Details

File name Details.pdf
File size 62207 bytes
File type PDF document, version 1.5
CRC32 FD552132
MD5 9e5e6fd1fd86e475cf251f2ed17a901c
SHA1 380674087d7d53505e7563090d611b5ce2759d9b
SHA256 305c3f18031a05513a19c653ad5881bf2b0da53f5509f0b32de4ca5abf866061
SHA512 5519d4e6aee3af7b49064bfba0eb4a42b11f88c5062348118f6fe563eaba6be19cae5ea1fa5b522e37373b3529f2633fe87cb1f4cf17ffeeca538d729ccb3dd9
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Permalink
VirusTotal Scan Date: 2014-07-17 19:48:47
Detection Rate: 0/54 (Expand)

Signatures

Starts servers listening on 127.0.0.1:0, 0.0.0.0:0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup

Screenshots

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Files
  • C:\DOCUME~1
  • C:\DOCUME~1\TDW
  • C:\DOCUME~1\TDW\LOCALS~1
  • C:\DOCUME~1\TDW\LOCALS~1\Temp
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\Details.pdf
  • C:\Documents and Settings\TDW\Local Settings\Temp\Details.pdf
  • C:\Documents and Settings\TDW
  • C:\Documents and Settings\TDW\Local Settings\Temp
  • C:\WINDOWS\system32\KBDUS.DLL
  • C:\WINDOWS
  • C:\Program Files\Adobe
  • C:\Program Files\Adobe\Reader 11.0\Reader
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx
  • C:\Documents and Settings\TDW\Application Data\Adobe
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color
  • C:\Documents and Settings\TDW\Application Data\Microsoft\Speech
  • C:\WINDOWS\system32
  • C:\Documents and Settings\TDW\Local Settings\Application Data\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\
  • C:\Documents and Settings\TDW\
  • C:\Documents and Settings\TDW\Local Settings\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color\ACECache11.lst
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\
  • C:\WINDOWS\system32\rsaenh.dll
  • C:\Documents and Settings\TDW\Application Data\
  • C:\Documents and Settings\TDW\Application Data\Adobe\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdrk.dat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdr.dat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdri.dat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages
  • PIPE\wkssvc
  • IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  • MountPointManager
  • STORAGE#Volume#1&30a96598&0&SignatureC7EDC7EDOffset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  • C:\Documents and Settings
  • C:\Documents and Settings\TDW\My Documents
  • C:\Documents and Settings\TDW\My Documents\desktop.ini
  • C:\Documents and Settings\All Users
  • C:\Documents and Settings\All Users\Documents
  • C:\Documents and Settings\All Users\Documents\desktop.ini
  • C:\Documents and Settings\TDW\Desktop
  • C:\Documents and Settings\All Users\Desktop
  • C:\WINDOWS\Registration\R000000000007.clb
  • C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\UserCache.bin
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab
  • C:\Documents and Settings\TDW\Application Data\desktop.ini
  • C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache\HWBE6J4K
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\FAP1.tmp
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\FAP1.tmp
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents-journal
  • C:\Documents and Settings\TDW\Local Settings\Temp\
  • PIPE\lsarpc
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\A9R494C.tmp
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\05K36B4H
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\05K36B4H
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\05K36B4H\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\05K36B4H\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4J25U3AR
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4J25U3AR
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4J25U3AR\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\4J25U3AR\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\2DIVGR87
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\2DIVGR87
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\2DIVGR87\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\2DIVGR87\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\CTEVWX2Z
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\CTEVWX2Z
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\CTEVWX2Z\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\CTEVWX2Z\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\index.dat
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies\index.dat
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\index.dat
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5\index.dat
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files
  • C:\Documents and Settings\TDW\Local Settings\History
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\
  • C:\
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  • C:\Documents and Settings\TDW\Cookies\
  • C:\Documents and Settings\TDW\Cookies\index.dat
  • C:\Documents and Settings\TDW\Local Settings\History\History.IE5\
  • C:\Documents and Settings\TDW\Local Settings\History\History.IE5\index.dat
  • C:\WINDOWS\system32\userenv.dll
  • c:\autoexec.bat
  • C:\Documents and Settings\TDW\Local Settings
  • C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\Certificates\*
  • C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\CRLs\*
  • C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\CTLs\*
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
  • C:\WINDOWS\system32\Ras\*.pbk
  • C:\Documents and Settings\TDW\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
  • C:\Documents and Settings\TDW\Cookies\tdw@adobe[2].txt
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\assets
  • C:\WINDOWS\system32\shell32.dll
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\A9R494D.tmp
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\A9R494D.tmp
Mutexes
  • Global\ARM Update Mutex
  • Global\Acro Update Mutex
  • {100184D2-BDC3-477a-B8D3-65548B67914C}_456
  • _!MSFTHISTORY!_
  • c:!documents and settings!tdw!local settings!temporary internet files!content.ie5!
  • c:!documents and settings!tdw!cookies!
  • c:!documents and settings!tdw!local settings!history!history.ie5!
  • WininetStartupMutex
  • WininetConnectionMutex
  • WininetProxyRegistryMutex
Registry Keys
  • HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Privileged
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0
  • HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Acrobat\11.0\Security
  • HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\11.0\Installer
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles\c1
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003
  • Keyboard Layout\Preload
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
  • HKEY_CURRENT_USER\
  • HKEY_CLASSES_ROOT\
  • HKEY_LOCAL_MACHINE\
  • HKEY_USERS\
  • HKEY_CURRENT_CONFIG\
  • HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\11.0
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0
  • HKEY_CURRENT_USER\Software\Adobe\Adobe Synchronizer\11.0
  • HKEY_CURRENT_USER\Software\Adobe\CommonFiles\Usage\Reader 11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Justsystem\ATOK\Setup\Folder
  • HKEY_LOCAL_MACHINE\System
  • HKEY_LOCAL_MACHINE\System\Acrobatbrokerserverdispatchercpp789
  • Software\Adobe\Acrobat Reader\11.0\Installer\Migrated
  • Language
  • Software\Adobe\Adobe Synchronizer\11.0
  • Software\Adobe\Adobe Synchronizer\11.0\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
  • HKEY_CLASSES_ROOT\.exe
  • HKEY_CLASSES_ROOT\exefile
  • HKEY_CLASSES_ROOT\exefile\CurVer
  • HKEY_CLASSES_ROOT\exefile\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_CLASSES_ROOT\exefile\\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
  • HKEY_CLASSES_ROOT\SystemFileAssociations\application
  • HKEY_CLASSES_ROOT\exefile\\Clsid
  • HKEY_CLASSES_ROOT\*
  • HKEY_CLASSES_ROOT\*\Clsid
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e6c716a0-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e6c716a2-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a2-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a0-b561-11e1-9849-806d6172696f}\
  • HKEY_CLASSES_ROOT\Directory
  • HKEY_CLASSES_ROOT\Directory\CurVer
  • HKEY_CLASSES_ROOT\Directory\
  • HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\Directory\\Clsid
  • HKEY_CLASSES_ROOT\Folder
  • HKEY_CLASSES_ROOT\Folder\Clsid
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  • HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CLASSES_ROOT\.ade
  • HKEY_CLASSES_ROOT\.adp
  • HKEY_CLASSES_ROOT\.app
  • HKEY_CLASSES_ROOT\.asp
  • HKEY_CLASSES_ROOT\.bas
  • HKEY_CLASSES_ROOT\.bat
  • HKEY_CLASSES_ROOT\.cer
  • HKEY_CLASSES_ROOT\.chm
  • HKEY_CLASSES_ROOT\.cmd
  • HKEY_CLASSES_ROOT\.com
  • HKEY_CLASSES_ROOT\.cpl
  • HKEY_CLASSES_ROOT\.crt
  • HKEY_CLASSES_ROOT\.csh
  • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003_Classes
  • HKEY_LOCAL_MACHINE\Software\Classes
  • \REGISTRY\USER
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID
  • CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
  • HKEY_LOCAL_MACHINE\System\Setup
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\C\
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\C
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
  • HKEY_CLASSES_ROOT\exefile\\shell\open
  • HKEY_CLASSES_ROOT\exefile\\shell\open\command
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Eula.exe
  • HKEY_CLASSES_ROOT\exefile\\shell\open\ddeexec
  • HKEY_CLASSES_ROOT\Applications\Eula.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
  • CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}
  • CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\TreatAs
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocServer32
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocServerX86
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\LocalServer32
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocHandler32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
  • HKEY_CLASSES_ROOT\AppID\AcroRd32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
  • ActiveComputerName
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles
  • Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014071720140718
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\PhysicalStores
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1606980848-1060284298-1003
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Environment
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Volatile Environment
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\Certificates
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\CRLs
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\CTLs
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\Keys
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\adobe.com
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adobe.com
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\
  • Software\Adobe\Adobe Synchronizer\11.0\CredentialsV2

Processes

registry filesystem process services network synchronization

AcroRd32.exe PID: 456, Parent PID: 252

Volatility

Nothing to display.